Multi-factor authentication, or MFA, is an essential tool for securing accounts and protecting data in your organization. Yet, according to a recent survey (LastPass), only 26% of businesses in the US are employing this cybersecurity strategy. Without it, penetrating your network is substantially easier for cybercriminals.
What Is MFA?
MFA is an authentication method in which a user is granted access to a business resource only after successfully presenting two or more pieces of evidence (or factors) to an authenticating mechanism. These factors could include: 1) something they know, 2) something they have, or 3) something they are.
Almost everyone is familiar with MFA; we all use it every time we log into a banking app or other secure website. The data on your network should be at least as protected as your bank account. We recommend requiring multi-factor authentication for all access points that employees have to their organization’s network, while also encouraging employees to enable MFA for email, banking, social media, and other personal accounts.
How MFA Protects Your Data
Usernames are easy to guess – they’re often just email addresses. And we know how easy it is to guess passwords, especially since the most common password being used today is still PASSWORD. A password manager, then, is certainly an effective and necessary means of hindering hackers, but MFA provides an added layer of protection. With MFA enabled, a cybercriminal who enters the correct username and password still cannot complete the login, because the unique code needed to finish it is sent to a phone or other device they do not have. It stops them in their tracks. Moreover, multi-factor authentication is often required to meet minimum cybersecurity insurance compliance standards and is also part of the NIST security framework requirements protected under Ohio’s Data Protection Act.
Some managed IT providers recommend that MFA users switch to more secure methods of delivering codes. The ITeam, a Calgary-based MSP colleague, suggests that biometric and physical authenticators are preferred over mobile SMS text message codes.
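As an added illustration (not part of the original article), the following Python sketch shows the check described above: a login succeeds only when both the password and a time-based one-time code verify, the code being computed the way an authenticator app does (TOTP, RFC 6238, built on HOTP, RFC 4226). The username, salt and password are constructed demo values; the TOTP seed is the RFC 6238 test seed so the generated codes can be compared with the RFC's published vectors.

```python
import base64
import hashlib
import hmac
import struct
import time
from typing import Optional

# RFC 6238 reference seed (20 ASCII bytes), base32-encoded as authenticator apps expect.
TOTP_SECRET = base64.b32encode(b"12345678901234567890")

# Constructed demo user store: salted PBKDF2 password hash plus the TOTP seed
# provisioned into that user's authenticator app. All values are hypothetical.
_SALT = b"demo-salt-not-for-production"
USER_DB = {
    "alice@example.com": {
        "pw_hash": hashlib.pbkdf2_hmac("sha256", b"correct horse battery staple", _SALT, 100_000),
        "totp_secret": TOTP_SECRET,
    }
}


def hotp(secret_b32: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, mod 10^digits."""
    key = base64.b32decode(secret_b32)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    code = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret_b32: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from Unix time in 30-second steps."""
    return hotp(secret_b32, at // step, digits)


def verify_password(username: str, password: str) -> bool:
    """First factor (something you know): constant-time compare of the PBKDF2 hash."""
    user = USER_DB.get(username)
    if user is None:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), _SALT, 100_000)
    return hmac.compare_digest(candidate, user["pw_hash"])


def verify_totp(username: str, code: str, at: Optional[int] = None, skew: int = 1) -> bool:
    """Second factor (something you have): accept the current code and +/- `skew` steps
    so a slightly drifted phone clock still works; reject non-numeric input outright."""
    user = USER_DB.get(username)
    if user is None or not (code.isascii() and code.isdigit()):
        return False
    now = int(time.time()) if at is None else at
    for offset in range(-skew, skew + 1):
        expected = totp(user["totp_secret"], now + offset * 30)
        if hmac.compare_digest(expected, code):
            return True
    return False


def login(username: str, password: str, code: str, at: Optional[int] = None) -> bool:
    """Both factors must pass: a correct password with no (or a wrong) code is rejected."""
    return verify_password(username, password) and verify_totp(username, code, at)


if __name__ == "__main__":
    now = int(time.time())
    current = totp(TOTP_SECRET, now)
    print("password only:", login("alice@example.com", "correct horse battery staple", "", now))
    print("password + code:", login("alice@example.com", "correct horse battery staple", current, now))
```

The `at` parameter exists so the check can be exercised against fixed timestamps (for example the RFC's vectors: at time 59 the 8-digit SHA1 code is 94287082); in production you would leave it at the real clock, and you would also record each accepted code so it cannot be replayed within its validity window.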
How to Roll Out MFA for Your Network
Enabling MFA on a large scale can be challenging, but it really comes down to communication and policy. Communicate to your employees the importance of MFA, at the very least for network access, and establish a policy regarding its use. Microsoft suggests starting with admin users and C-level employees for whom a compromised email could spell big trouble for the company. Microsoft explains:
At a minimum, you want to use MFA for all your admins, so start with privileged users. Administrative accounts are your highest value targets and the most urgent to secure, but you can also treat them as a proof of concept for wider adoption. Review who these users are and what privileges they have – there are probably more accounts than you expect with far more privileges than are really needed. At the same time, look at key business roles, where losing access to email – or having unauthorized emails sent – will have a major security impact. Your CEO, CFO, and other senior leaders need to move to MFA to protect business communications.
Threats Aren’t Going Away but Every Organization Can Do More to Thwart Attacks
It’s a constant race to stay a step ahead of cybercriminals, but MFA is one of the simplest ways to protect your business and your data. Whether you use biometrics or an authenticator app as the additional factor required to access your network, that extra layer will help prevent attacks that a stolen password alone would otherwise allow.
thinkCSC is here to help you protect your organization, providing expert support, innovative tools, and customized solutions designed for your business and industry. We offer a variety of services to strengthen your infrastructure, including vulnerability scanning, internal and external penetration testing, web app penetration testing, security assessments, policy development, and security awareness training. Contact us to learn more.